Maurice Werner, Owner/MSP
Werner Technology Solutions / Werner Enterprises Solutions LLC
While it is difficult for a business, an organization, or a single person to foresee and eliminate cybersecurity threats, there’s a reason why cybersecurity checklists and IT security checklists exist: to strengthen all forms of cybersecurity. The challenge of maintaining the safety of your data and systems continues to grow, but you can make it easier with this list of top items to include in your cybersecurity checklist.
1. Use a Secure File-Sharing Solution
Preventing and mitigating cybercrime starts within the business or organization. One of the best items to check off your cybersecurity checklist is to set up and implement a secure file-sharing platform. Secure file-sharing means sending documents digitally in a way that prevents unauthorized users from seeing them. If your business holds and transmits confidential data, then sharing files securely should rank high on your list, especially when the data is shared only with a few select people or groups who are entitled to see sensitive information.
Typically, secure file-sharing combines several security controls, such as data encryption and multi-factor authentication, that grant access to the files only to the necessary and appropriate people. Thankfully, there are many types of secure file-sharing systems for you to choose from. Each one comes with its own features, security protocols, and prices to cater to your specific needs.
2. Enforce a Strong Password Policy
Strong passwords continue to be an important, relevant, and simple yet effective security measure. Your IT policy should instruct employees to use complex passwords for everything from computer logins to email and social media.
Did you know that over 3 million people use “123456” as their front line of security? This is unacceptable and highly concerning.
Strong passwords use a combination of upper- and lower-case letters, numbers, and special characters. Your IT policy should also recommend avoiding creating passwords using birthdays, ID numbers, hometowns, addresses, or any other personal information.
Motivate and require personnel to change their passwords at least four times per year. Old passwords should never be reused. Coworkers, friends, or family members should not have access to your passwords unless absolutely necessary.
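The rules in this section can be enforced in code when a password is set. The following is an added example, not part of the original article or any vendor's product: the function names, the sample denylist, and the 12-character minimum length are assumptions made for illustration.

```python
import hashlib
import hmac
import os
import string

# Constructed sample denylist; a real deployment would load a large breached-password list.
COMMON_PASSWORDS = {"123456", "password", "qwerty", "111111"}

def hash_password(password, salt=None):
    """Return (salt, digest) via PBKDF2-HMAC-SHA256 so the history never holds plaintext."""
    salt = salt or os.urandom(16)
    digest = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)
    return salt, digest

def is_reused(password, history):
    """history is a list of (salt, digest) pairs for the user's previous passwords."""
    for salt, digest in history:
        if hmac.compare_digest(hash_password(password, salt)[1], digest):
            return True
    return False

def check_password(password, personal_info=(), history=(), min_length=12):
    """Return a list of policy violations; an empty list means the password passes.

    min_length is an assumed value; the article does not state a minimum length.
    """
    problems = []
    if len(password) < min_length:
        problems.append("too short")
    classes = {
        "lowercase letter": string.ascii_lowercase,
        "uppercase letter": string.ascii_uppercase,
        "digit": string.digits,
        "special character": string.punctuation,
    }
    for name, chars in classes.items():
        if not any(c in chars for c in password):
            problems.append(f"missing {name}")
    lowered = password.lower()
    if lowered in COMMON_PASSWORDS:
        problems.append("commonly used password")
    # Birthdays, hometowns, ID numbers and similar values supplied by the caller.
    if any(len(item) >= 3 and item.lower() in lowered for item in personal_info):
        problems.append("contains personal information")
    if is_reused(password, history):
        problems.append("previously used password")
    return problems
```

Calling `check_password` with the user's known personal details and stored password history returns every rule the candidate breaks, so the user can be told all of them at once.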
3. Use Anti-Malware and Anti-Virus Programs
Anti-malware and anti-virus systems and software are essential tools for fighting against cyber threats. These are an obvious weapon against cybercrime and one of the best practices for business and personal cybersecurity. Anti-virus software and systems inoculate your computer against viruses and other malware.
Businesses, organizations, and individual users need to ensure that their programs are continuously up to date. Your programs must always be set to check for and install updates frequently, scan computers on a set schedule, and religiously check for unwanted media uploaded from flash drives and external hard drives. At larger agencies and corporations, each workstation must be configured to report its antivirus status to a centralized station, so that unforeseen malware is flagged and the workstations are updated accordingly.
Having antivirus software on a device does not always guarantee 100% safety, nor absolute protection from evolving cybercrime methods. However, having this software and keeping it automatically updated saves the employees the trouble of installing manual updates, while the system continues to acquire new defenses against the latest ransomware, spyware, and other forms of viruses.
4. Conduct Routine Security Awareness Training for your Staff
The COVID-19 pandemic and the proliferation of people working from home have contributed to a new wave of phishing. These attacks are designed to take advantage of the distress employees may feel due to the pandemic, and the tendency to do office work at home on unprotected computers, phones, and other devices, away from the vigilant watch of the company’s IT department.
Security awareness training is on this cybersecurity checklist for good reason. Periodic training is recommended to educate employees on the current cyber-attack methods used by hackers to gain access to computers, like phishing, pharming, and ransomware attacks. Security awareness training is not only about attacks, but is also a great opportunity for the organization to review all related corporate policies and the entire cybersecurity checklist.
For example, although spam filters are good at identifying malicious emails, if employees trust that the filters are 100% effective, then when spam emails do slip past the filters, employees may assume that they are authentic. At that point, employees are only a few steps away from exposing all the organization’s sensitive data and proprietary information. To counteract this, employees must participate in regular cybersecurity training that highlights the identification and mitigation of potential attacks.
On the topic of employees, organizations must also do background checks on potential staff members before granting them access to company resources and information. Unfortunately, today’s internet connectivity could pose more threats when paired with tiny yet very powerful USB storage devices, which are enough to copy or even erase information without leaving any tracks.
5. Have a Data Breach Response Plan
Even if you religiously check off the four above-mentioned items in your cybersecurity checklist, this does not guarantee an entirely safe organization. Unfortunately, all businesses must prepare for assorted worst-case scenarios, in this context meaning a cyber-attack. Assume that it’s not a matter of if, but when, and have a data breach response plan including effective emergency recovery policies.
The plan involves many different steps beyond the moment a data breach occurs. It must be able to organize and facilitate the company’s efforts to contain an attack. Employees must be assigned to consistently maintain and update the plan to ensure the speedy recovery of important data, networks, systems, etc. If an attack does happen, communication channels between these employees must be observed throughout the process. The plan could also include documenting the events leading up to the discovery of the breach and developing a communications plan to reassure the employees of their safety.
For more information on any of these 5 steps and more, please contact us today.
Please call me for a 15-minute no-obligation consultation.
Our goal is to earn and retain your goodwill by providing excellent service at a reasonable rate with sound business principles.
We know the success of our business future depends on the degree of satisfaction we render to YOU, our customer.
If you are happy, tell others. If not, tell us!
© 2004, 2022 Werner Enterprises Solutions LLC. All rights reserved. This Material may not be reproduced or distributed in any form without permission.
Many thanks to TitanFile for much of this material: https://www.titanfile.com/blog/10-best-practices-for-email-security/